PT-2016-6398 · Fontconfig +5

Tobias Stoeckmann · Published 2016-08-08 · Updated 2023-02-12 · CVE-2016-5384

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: fontconfig versions prior to 2.12.1

Description: The issue allows local users to trigger arbitrary free calls and conduct double free attacks, potentially leading to the execution of arbitrary code. This can be achieved via a crafted cache file.

Recommendations: For versions prior to 2.12.1, update to version 2.12.1 or later to resolve the issue.

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1838
CESA-2016_2601
CVE-2016-5384
DLA-587-1
DSA-3644-1
MGASA-2016-0287
RHSA-2016:2601
RHSA-2016_2601
SUSE-SU-2016:2186-1
SUSE-SU-2016:2190-1
SUSE-SU-2016_2186-1
SUSE-SU-2016_2190-1
USN-3063-1

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Fontconfig